package com.example.userserver.shiro;

import com.example.userserver.service.UserService;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.springframework.context.annotation.Bean;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;
/**
 * @Author: xzy
 * @Date: 2022/
 */
@Configuration
public class ShiroConfig {
    /**
     * shiroFilter 过滤
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // 需要登陆的接口 访问未登录 或 token失效时 回调setLoginUrl里的接口
        shiroFilterFactoryBean.setLoginUrl("/api/401");
        // 登录成功后回调路径  前后端分离项目不必要
        // shiroFilterFactoryBean.setSuccessUrl("/");
        Map<String,String> filterChainDefinitionMap = new LinkedHashMap<>();
        /**
         * anon  匿名也可以访问  ps：没登录就能访问
         * authc  需要登录以后才可以访问
         * 过滤链 是由上而下执行的  所以 一般把 /** 放在最下面
         */
       // filterChainDefinitionMap.put("/api/test","authc");
        filterChainDefinitionMap.put("/**","anon");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }
    /**
     * 配置 安全管理器
     * @return
     */
    @Bean
    public SecurityManager securityManager(){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(customAuthorizingRealm());
        return securityManager;
    }

    /**
     * 将自定义realm 加入容器
     * @return
     */
    @Bean
    public CustomAuthorizingRealm customAuthorizingRealm(){
        CustomAuthorizingRealm realm = new CustomAuthorizingRealm();
        realm.setCredentialsMatcher(hashedCredentialsMatcher());
        return realm;
    }

    /**
     *定义密码加密规则
     * @return
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        // 设置散列算法
        hashedCredentialsMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
        // 设置双层MD5  散列次数
       // hashedCredentialsMatcher.setHashIterations(2);
       // hashedCredentialsMatcher.setStoredCredentialsHexEncoded(false);
        return hashedCredentialsMatcher;

    }
//    @Bean
//    HashedCredentialsMatcher sysUserAuthorizingRealm( UserService userService){
//        HashedCredentialsMatcher realm = new HashedCredentialsMatcher( userService);
//        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
//        credentialsMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
//        realm.setCredentialsMatcher(credentialsMatcher);
//        realm.setCachingEnabled(true);
//        realm.setAuthorizationCachingEnabled(true);
//        return realm;
//    }
}
